diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-06-07 20:09:08 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-06-07 20:09:08 +0000 |
| commit | 89869eb612c66629cb6794c57133b83fbd4976c0 (patch) | |
| tree | 80188208faf329df7fe892b8a4f20dc4ce8072fa /regress | |
| parent | ce24d4fb446ac06a4eb83bea0568f6d8ce0ec299 (diff) | |
To test IPv6 fragements with extension header, the pf pass rules
need an allow-opts. Otherwise pf blocks packets with option header.
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/sys/net/pf_fragment/pf.conf | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/regress/sys/net/pf_fragment/pf.conf b/regress/sys/net/pf_fragment/pf.conf index 15c8a6635c8..ca761d20993 100644 --- a/regress/sys/net/pf_fragment/pf.conf +++ b/regress/sys/net/pf_fragment/pf.conf @@ -1,9 +1,9 @@ # pf on PF must have these rules in the regress anchor -pass to { $PF_IN/24 $PF_IN6/64 } -pass to { $RT_IN/24 $RT_IN6/64 } -pass to { $ECO_IN/24 $ECO_IN6/64 } -pass to { $RDR_IN/24 $RDR_IN6/64 } +pass to { $PF_IN/24 $PF_IN6/64 } allow-opts +pass to { $RT_IN/24 $RT_IN6/64 } allow-opts +pass to { $ECO_IN/24 $ECO_IN6/64 } allow-opts +pass to { $RDR_IN/24 $RDR_IN6/64 } allow-opts pass in to $RDR_IN/24 rdr-to $ECO_IN allow-opts tag rdr pass out nat-to $PF_OUT allow-opts tagged rdr |